What's left to doo on NTS
Gary E. Miller
gem at rellim.com
Sat Mar 2 17:30:02 UTC 2019
Yo Eric!
On Sat, 2 Mar 2019 11:36:03 -0500
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> Gary E. Miller via devel <devel at ntpsec.org>:
> > The way Mark explained it to me, you want one NTS-KE per aisle, or
> > per rack. That limits the number of servers, with keys, that need
> > to be protected.
>
> I now think this plan is a mistake and that Hal did the right thing by
> building key service into ntpd itself.
The opinion that counts is that of Cisco. Anyone asked them?
> If you don't trust that your LAN is secured enough to do that, you
> can't trust it enough to pass NTS-KE traffic over it either.
Not the LAN, your containers.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190302/92108ea8/attachment.bin>
More information about the devel
mailing list